Cryptolocker encrypts files on the compromised computer and demands a ransom to provide the decryption key needed to decrypt the files.
F-Secure detects Cryptolocker malware using a variety of generic detections. Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Like most ransomware, though the malware itself can be removed, the encryption used to take the files hostage is sufficient to make it very difficult to decrypt the files without the necessary decryption key.
In such circumstances, the recommended course of action is to report the crime to the relevant authorities and restore the affected data from a backup.
Cryptolocker is ransomware that is spread by both malicious file attachments to email messages and via the Gameover Zeus botnet. When Cryptolocker is run, it encrypts files on the compromised machine and displays a message informing the user that a decryption key must be purchased in order to recover access to the files held at ransom.
For more information, see:
If you believe you have encountered an undetected Cryptolocker sample, please send it to us for analysis via our Submit A Sample (SAS) page.
Update: 10 February, 2015: Details of the CTB-Locker ransomware which were originally posted in this description have now been moved to a separate description, Trojan:W32/CTB-Locker, to minimize confusion between these two ransomware families.